SEC’s New Cybersecurity Rules Now in Effect
New cybersecurity rules from the US Securities and Exchange Commission (SEC) went into effect on December 15, 2023, reports Todd Ehret.
The rules “introduce mandatory cyber-incident reporting requirements for all US-listed companies.”
These rules represent a significant shift in disclosure requirements, as “disclosures must be filed within four business days after a company determines that it has experienced a material cyber-incident,” Ehret says.
Companies also must “ensure that best practices are in place across the enterprise to prevent cyberattacks and ensure that a proper response plan is in place that effectively stops or quickly remediates real threats when attacked,” he notes.
Read more at Thomson-Reuters.
12/20/2023